Mohd Izham, Ibrahim and Aman, Jantan and Mohammad, Rasmi (2012) A Defensive Evidence Model: An Approach of Security Model for Storing Digital Evidence in Network Forensics. In: International Conference on Computational Science and Information Management (ICoCSIM), 3-5 December 2012, Toba Lake, North Sumatera, Indonesia. pp. 251-258.
Abstract
Network forensics investigators use most of the network monitoring tools, such as Snort or WinPcap, to monitor or identify potential evidence to be collected and stored. However, these tools lack protection mechanisms to keep the evidence safe, and the rising issues of chain-of-custody are not properly managed or addressed. Therefore, people with the intent to do so may disrupt the collection process and tamper with the contents of the stored evidence. Considering these issues, this paper proposes a Defensive Evidence Model (DEM) to manage the evidence collection processes and to provide defensive measures for protecting the evidence. Features of DEM were adapted from four security models (Bell-LaPadula, Biba, Clark-Wilson and Goguen-Meseguer) and integrated with the forensics investigation process. DEM was assessed from two different aspects: first by analyzing the attack, and second by evaluating the process through CIAA security requirements to determine the workability of the created model.
Item Type: | Conference or Workshop Item (Speech) |
---|---|
Additional Information: | Proceedings of the First International Conference on Computational Science and Information Management (ICoCSIM2012) ISBN 978-967-0120-60-7 Vol. 1 |
Uncontrolled Keywords: | Network forensics; Evidence preservation; Security model; Security requirement process |
Subjects: | Q Science > QA Mathematics > QA76 Computer software |
Faculty/Division: | Unspecified Faculty of Computer System And Software Engineering |
Depositing User: | NOR NADIA SHAHIDA ZAKRIA |
Date Deposited: | 10 Jul 2013 03:51 |
Last Modified: | 03 Mar 2015 08:02 |
URI: | http://umpir.ump.edu.my/id/eprint/3668 |